CVE-2018-1000211

{"id": "CVE-2018-1000211", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2018-07-13T18:29:00.443", "references": [{"url": "https://github.com/doorkeeper-gem/doorkeeper/issues/891", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/doorkeeper-gem/doorkeeper/pull/1119", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/doorkeeper-gem/doorkeeper/issues/891", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/doorkeeper-gem/doorkeeper/pull/1119", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-732"}]}], "descriptions": [{"lang": "en", "value": "Doorkeeper version 4.2.0 and later contains a Incorrect Access Control vulnerability in Token revocation API's authorized method that can result in Access tokens are not revoked for public OAuth apps, leaking access until expiry."}, {"lang": "es", "value": "Doorkeeper en versiones 4.2.0 y posteriores contiene una vulnerabilidad de control de acceso incorrecto en el m\u00e9todo autorizado de la API de revocaci\u00f3n de tokens que puede resultar en que los tokens de acceso no se revocan para las aplicaciones p\u00fablicas de OAuth, filtrando el acceso hasta que expiran."}], "lastModified": "2024-11-21T03:39:56.953", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:doorkeeper_project:doorkeeper:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7D31753A-773E-43B2-B53E-7C293E278617", "versionEndIncluding": "4.2.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}